CVE-2020-27279

7.5 HIGH

📋 TL;DR

A NULL pointer dereference vulnerability in Crimson 3.1 protocol converter allows attackers to cause denial of service by sending specially crafted packets that reboot affected devices. This affects industrial control systems running Crimson 3.1 software prior to build 3119.001. The vulnerability requires network access to the device.

💻 Affected Systems

Products:
  • Red Lion Crimson 3.1
Versions: All versions prior to build 3119.001
Operating Systems: Windows-based industrial control systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects protocol converter component in Crimson 3.1 software running on industrial devices.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Persistent denial of service through repeated device reboots, disrupting industrial processes and potentially causing safety incidents or production downtime.

🟠 Likely Case

Temporary service disruption through device reboot, requiring manual intervention to restore normal operation.

🟢 If Mitigated

No impact if devices are patched or network access is properly restricted.

🌐 Internet-Facing: HIGH - If devices are exposed to the internet, attackers can easily trigger reboots.
🏢 Internal Only: MEDIUM - Requires internal network access but could still be exploited by malicious insiders or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted packets to the vulnerable protocol converter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Build 3119.001 or later

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04

Restart Required: Yes

Instructions:

1. Download Crimson 3.1 build 3119.001 or later from Red Lion support portal.
2. Backup current configuration.
3. Install the update following vendor instructions.
4. Restart affected devices.
5. Verify successful update.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices in separate network segments with strict access controls.

Firewall Rules

all

Implement firewall rules to restrict access to protocol converter ports from untrusted networks.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable devices from untrusted networks.
  • Deploy intrusion detection systems to monitor for suspicious packets targeting the protocol converter.

🔍 How to Verify

Check if Vulnerable:

Check Crimson 3.1 build version in software interface or device properties.

Check Version:

Check Crimson 3.1 software version in the application interface or device configuration.

Verify Fix Applied:

Verify Crimson 3.1 build version is 3119.001 or later and test protocol converter functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device reboots
  • Protocol converter error messages
  • Connection attempts to protocol converter ports

Network Indicators:

  • Unusual packets to protocol converter ports
  • Multiple connection attempts from single sources

SIEM Query:

source_ip = [external] AND dest_port = [protocol_converter_port] AND packet_size = [suspicious_size]
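
The indicators above become more useful when correlated: a reboot that follows a connection from an untrusted source to the converter port, repeated for the same source. The sketch below is an added example, not vendor or advisory code; the log format, the trusted subnet and port 9999 are constructed placeholders, so substitute the fields and port your own sensors and devices use.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample events; the log format and port 9999 are placeholders.
SAMPLE_LOG = """\
2021-01-05T10:00:01 CONN src=203.0.113.7 dst=10.0.5.20 dport=9999
2021-01-05T10:00:03 REBOOT device=10.0.5.20
2021-01-05T10:04:10 CONN src=10.0.1.15 dst=10.0.5.20 dport=9999
2021-01-05T10:06:40 CONN src=203.0.113.7 dst=10.0.5.20 dport=9999
2021-01-05T10:06:42 REBOOT device=10.0.5.20
2021-01-05T11:30:00 CONN src=198.51.100.9 dst=10.0.5.21 dport=443
2021-01-05T12:00:00 REBOOT device=10.0.5.21
"""

def parse(line):
    """Split one log line into (timestamp, event kind, key=value fields)."""
    ts, kind, *pairs = line.split()
    return datetime.fromisoformat(ts), kind, dict(p.split("=", 1) for p in pairs)

def reboots_by_source(log, port, trusted=("10.0.1.0/24",), window_s=30):
    """Count reboots preceded, within window_s, by an untrusted connection to port."""
    nets = [ip_network(n) for n in trusted]
    recent = defaultdict(list)  # device -> [(time, source)] of untrusted connections
    hits = Counter()
    events = sorted((parse(l) for l in log.splitlines() if l.strip()),
                    key=lambda e: e[0])
    for ts, kind, f in events:
        if kind == "CONN" and int(f["dport"]) == port:
            if not any(ip_address(f["src"]) in n for n in nets):
                recent[f["dst"]].append((ts, f["src"]))
        elif kind == "REBOOT":
            cutoff = ts - timedelta(seconds=window_s)
            # Credit each distinct source once per reboot.
            for src in {s for t, s in recent[f["device"]] if t >= cutoff}:
                hits[src] += 1
            recent[f["device"]].clear()
    return hits

def suspects(log, port, min_reboots=2):
    """Sources tied to repeated reboots, the persistent denial-of-service pattern."""
    return sorted(s for s, n in reboots_by_source(log, port).items()
                  if n >= min_reboots)
```

A single correlated reboot can be coincidence; the `min_reboots` threshold is what separates the "Likely Case" from the repeated-reboot "Worst Case" described earlier.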
